Thrust-Parry: Equalizing Offensive, Defensive Cyber Skills

Aug. 1, 2013 - 03:45AM
|

The barrage of malicious attacks from insider threats, hactivists, cyber criminals and nation states is forcing DoD organizations to rethink how they train the cyber workforce to equip cyber defenders and attackers with similiar skill sets, according to officials.

“Today our defenders are being trained co-equal with our exploiters and attackers,” which has not always been the case, said Rear Adm. Sean Filipowski, director of intelligence for U.S. Cyber Command. “Why? Because defense has to be our first line of defense.”

Cyber Command can’t be overly reliant on the fact that its attackers may be able to “create an effect that would not enable an adversary to hurt us in cyberspace,” said Filipowski, who spoke Tuesday at the AFCEA Global Intelligence Forum in Washington. “So our defenders have to be trained at the same level.”

One problem is that cyber defenders often do not operate at the same security clearance levels as intelligence professionals, who can exploit enemy networks, and therefore they do not have access to the same information.

Filipowski said intelligence personnel have to understand how the networks operate in order to support the people who defend it. “If each of them are not in a good symbiotic relationship then, quite frankly, we can’t create the atmosphere we need for the exchange of information to understand the context of what we’re fighting in cyberspace,” he said.

DoD officials have said little publicly about the specific offensive capabilities they are building within the department’s workforce. Such skill sets could allow cyber experts to slip into an adversary’s network undetected to gather intelligence or prepare for an offensive operation.

The Air Force, for example, is developing systems “designed for the exfiltration of information while operating within adversary information systems,” according to reports by USA Today.

To adapt to evolving cyber threats, the Marine Corps also wants its cyber defenders and attackers to have similar training, said Ray Letteer, senior information assurance official for the service. “I’m seeing more and more of that,” he said.

Sequester budget cuts are also forcing agencies to re-evaluate how they train and hire cyber experts.

The sequester is “having an enormous impact on us,” said Dan Scott, deputy assistant director of national intelligence for human capital.

“The workforce that we have today is the workforce that we will have in 2020,” said Scott. “There is no getting around it. I can’t really hire thousands of people, I’ve got to develop the people I have, or I need to get rid of the people that I don’t want and then hire replacements.”

He stressed the need for comprehensive civil service reform and flexibility “to bring people in, to retain the skills that we need, to refresh those skills that are out of date, and, to those who just decide that they cannot perform or will not get up to date, we need to be able to send them along the way.”

When it comes to training, there is value in combining traditionally separate disciplines, such as attackers and defenders, into one cyber workforce, said Mark Young, former executive director for plans and policy at Cyber Command. Young is president and general counsel at cyber consulting firm Ronin Analytics.

“If you could hand me a guy … who can design, build, operate, defend and attack our network, they are that much more powerful a player for me to use in defense of the country,” Young said. “What used to take me about 50 people to do, you give me that kind of skill set, I can do it with 10.”

Given the current budget environment, “we are going to be driven to that one way or another,” he said.

Thrust-Parry: Equalizing Offensive, Defensive Cyber Skills

With fewer eyeballs monitoring the government's networks for malicious activities and an increasing number of federal systems sitting idle during the shutdown, security experts fear it could create a perfect storm for insiders and hackers looking to do ag